Skip to site navigation

banner

Help and Support

The following Support options are available:

  1. Service Desk: The Service Desk will be able to assist with support queries and will forward on other queries to the correct team. The Service Desk is located in the DMS Watson Science Library, Malet Place. The Service Desk web page provides details on opening times and a location map.

Issues and information


1.) Windows 8 [UPDATED]

A new release of the Cisco software has been released which supports the Windows 8 Operating System.

We will be running this software in a test environment for a period of time and once satisfied with its performance, we will roll it out to the Remote Access VPN service.

We hope to be in a position to provide Windows 8 support by the end of April 2013.


top


2.) Sophos anti-virus

Sophos have recently upgraded their versions of the Windows and Mac client software and forced all clients to upgrade to this version. 


These two products have been successfully tested. They are available on the UCL software database at: http://swdb.ucl.ac.uk/?filter=virus

Sophos on Mac machines:

On Mac machines, after the Sophos anti-virus client has automatically upgraded to the new version 8, a few machines are reporting that their anti-virus definitions are out of date, even though they appear updated on the client. This is because the cisco AnyConnect client appears to be looking at the original install of Sophos (which is now out of date), and not looking at the new engine which was actually installed/upgraded to.

In addition to this, a few machines appear to have not automatically upgraded to the new version of Sophos (version 8) so are still running Sophos version 7 which is no longer supported and will cease to work with the Remote Access VPN service.

To resolve both of these issues:

1) Uninstall Sophos from your machine completely. To do this:

  • In the main menu along the top of the screen, click on "Go" > click on "Go to Library" >  type "/Library".
  • Open the Sophos Anti Virus folder.
  • Run the "Remove Sophos Anti Virus.pkg" application.

2) Uninstall the Cisco AnyConnect client. To do this:

  • Open a terminal window (type "terminal" in the spotlight search to locate the terminal application.
  • Type the following: sudo /opt/cisco/vpn/bin/vpn_uninstall.sh

Enter your machine password when prompted, and say 'yes' when asked to confirm.

3) Reboot

4) Install Sophos 8 from http://swdb.ucl.ac.uk/package/view/id/322?filter=sophos (you'll need to provide the username and password specified on the download page in order to get definition updates for the software).

5) Run the Sophos "Update Now" option twice, and check that attempting to run it a third time does not return further updates.

6) Open Safari (or your browser of choice) and go to https://vpn.ucl.ac.uk, following the on-screen prompts, and attempt o connect to the VPN.

If you are still having issues, please contact the ISD service desk.

top


3.) Linux connectivity issue -  64-bit systems [UPDATED]

A number of users have reported issues with the 64bit Linux client not working with various Linux flavours.

The error message presented is: Login Denied. Your environment does not meet the access criteria defined by your administrator

The error appears to be related to where Linux distributions place SSL certificate as well as certain library requirements. At present we cannot find a new workaround to get the AnyConnect working natively on 64-bit Linux. The previous notes are still available - see below - but it has been noted by a few users that these no longer resolve the connectivity issue.


However, a workaround to run the Cisco 32-bit client on a 64-bit Linux machine is outlined below. This provided a successful VPN connection within 32-bit Linux (running LXDE) inside a virtual machine hosted within 64-bit Linux (running KDE).

This is only a guide, but was successful for one Linux user who provided us with their steps.

1. Install kvm and a network bridge (this will be distribution-specific).

2. Use kvm set up a virtual machine with network bridging enabled through a static MAC address.

3. On the virtual machine install a 32-bit ISO equivalent of the Linux distribution.

4. Ensure successful network bridging (this may may require writing a distro-specific script).

5. Update and patch the 32-bit install through the virtual machine and if not present install Firefox.

6. Download and install the 32-bit Linux Cisco client onto the VM from the UCL website (it might NOT work).

7. Check for any missing dependencies (e.g. sudo /opt/cisco/anyconnect/bin/vpnui) and install them.

8. Run `firefox vpn.ucl.ac.uk' and the Sun Java Applet will work in establishing a VPN.

For a native 32-bit Linux box, only steps 6-8 are necessary.

We would appreciate any feedback from users who might find a solution so that we can post it here.

Older notes - 32-bit systems and older 64-bit systems

A common error message among 32bit Linux systems is:  Anyconnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

This is to do with where Linux places certificates. See the Linux AnyConnect Problems page for instructions on how place the certificates in the correct location for the VPN AnyConnect client to work.

Other connectivity issues have been reported. We are looking into this. However, Linux is an unsupported Operating System and support can only be provided on a "best efforts" basis.

top

4.) Local printing

For security reasons, Local LAN access is not available when you are connected over the Remote Access VPN service. You therefore cannot access local network printers (i.e. wireless printers). A work around is to directly connect the printer to your computer via USB.

top

Useful tips

  • Connecting the VPN client will securely connect you to UCL. As part of this process, existing network connections will be terminated and need to be re-established.  For example: If you wish to use a voice application (such as Skype), it is recommended that you start the VPN client and then start your call to avoid disruption to your conversation.

Page last modified on 27 mar 13 10:42